LDAP Injection

The amount of data stored in organisational databases has increased rapidly in recent years due to the rapid advancement of information technology. A high percentage of the data is sensitive, private and critical to those organisations, their clients, suppliers and partners.

Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitising user inputs first.

The main steps of a penetration testing

The main steps of a penetration testing

There are different technologies and challenges during the penetration testings and they range between new web applications to relatively outdated systems. Most of known vulnerabilities such as SQL injections, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML injections, Security Misconfiguration and Path Traversal are usually found during a penetration testing.